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This document aims to describe 03-DPACS functionalities and the philosophy behind its development. For 
any additional information write to info@o3enterprise.eu. 
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COMPANY OVERVIEW 



03 Enterprise is a University of Trieste Spin-off company that was born in January 2008. It was promoted 
and created by the Bioengineering and ICT group at the University of Trieste, founded by Professor Paolo 
Inchingolo. Its main objective is to accompany the project 03-Consortium (www.o3consortium.eu), that is 
maintained and managed by the same group under the umbrella of the Higher Education in Clinical 
Engineering (HECE) 03 Enterprise offers professional services and innovative solutions for the e-health 
based on 03 Consortium products. 

The approach that distinguishes the 03-Enterprise's solutions is to prefer, where possible, Open Source 
software and only consolidated standards for communication and integration with other systems. 
03 Enterprise won the local competition for innovative business ideas, called Start Cup 2007, and in April 
2008 ITAL TBS SPA, a European leading company in clinical engineering services, joined its capital. 



INTRODUCTION 



This document aims to describe the features of 03-DPACS that is part of 03 Consortium open source suite. 
The services on this system offered by 03 Enterprise are even included in this document. 
Actually the systems that compose the 03 Consortium suite are: 

• A PACS (Picture Archiving and Communication System) system, named 03-DPACS (03-Data & 
Picture Archiving and Communication System), which is able to store and manage all kind of 
DICOM data and images; 

• A workstation system, named 03-RWS (03-Reporting Workstation), which is able to show the 
DICOM data and images contained in a PACS system. It offers numerous tools for evaluate the 
data and create the report; 

• An endoscopy system, named 03-Endoscopy, which is able to acquire and manage endoscopic 
images and video clips. 

COMMON FEATURES 

03 Consortium products are distinguished for the following strengths: 

• Scalability 

03 systems can be installed either on a simple laptop or on complex hardware infrastructure, 
including cluster systems. 

• Open Source 

03 systems are Open Source and covered by GPL licence. 

• Open Standard 

All communications lay on open and consolidated standards, as DICOM and HL7. 

• Interoperability 




03 systems are inspired by IHE (Integrating the Healthcare Enterprise) philosophy and most of 
them are fully compliant with the guidelines provided by this initiative. 

• Internationalization 

03 systems are easily translatable for an international use. Currently the available languages are 
English and Italian. 

• Portability 

The use of Java technology and Web solutions allows total independence from the operating 
system and hardware configurations. There is therefore no choice forced by the user, but the 
products are adapted to individual needs. 

• CE Marking 

All 03 systems are covered by CE mark. 

• Online Demo 

All 03 systems are freely testable on the Internet, trough 03-Consortium web site at 
www.o3consortium.eu. 



03-DPACS SYSTEM 



INTRODUCTION 

03-DPACS is a PACS (Picture Archiving and Communication System) extended to all types of data and 
signals that can be managed through DICOM protocol. It is the latest evolution of the DPACS system, born 
in 1996 thanks to the Group of Bioengineering and Information Technology of Professor Paolo Inchingolo. 
The goal of this system, inserted into a larger project from the same name, was to create a basis for 
developing an Open Source, scalable, low cost and universal system to save, manage and provide all the 
health's information of every European citizen, thus offering an EHR of European level. 
In 2004, the DPACS project was completely re-projected and DPACS 2004 was born. This new system aimed 
to apply the huge know-how acquired in several years of DPACS project to the new technologies and 
frontiers of the medicine. The following year DPACS 2004 has been included in the 03 Consortium project. 

ARCHITECTURE 

The 03-DPACS system is based on the following software architecture: 





Picture 1: 03-DPACS Multi Layer Architecture 



APPLICATION SERVER 

The application server used by 03-DPACS is the latest stable version of Jboss, 4.2. 3GA. Jboss is one of the 
most popular Application Server, completely Open Source and now used by many manufacturers of 
worldwide fame. Its strengths are the ongoing updates, thanks to a very big community of developers, and 
especially the configurability and robustness, which makes it ideal to support Enterprise applications, 
including medical ones. The Application Server uses the JDBC (Java Database Connectivity) to connect to 
the database. The use of such architecture allows 03-DPACS to connect to all types of database servers that 
have JDBC driver, making the product highly configurable and adaptable to different needs. 
03-DPACS was also successfully tested on SUN official Application Server, named Glassfish. Any Application 
Server is supported used. This makes 03-DPACS even more configurable and adaptable to the needs of the 
user. 

JAVA VIRTUAL MACHINE 

The Java Virtual Machine is the main support of 03-RWS, since the application is developed in Java and 
requires this layer to work. The choice of this technology was driven by the Java ability to be independent 
from hardware and software sub layers. This technology makes the application usable on every hardware 
configuration and also on every Operating System. This allows the user to adapt the system to its needs 
without constraints. 

OPERATING SYSTEM 

Relying entirely on Java technology, 03-DPACS is completely independent of the type of Operating System. 
In several installations has been a fairly balanced use between Windows and Linux systems (Red Hat in 
particular). 




DATABASE 

The database server used by 03-DPACS is MySQL Enterprise. Following the philosophy of 03 system, 
MySQL is also completely Open Source, which makes it suitable for use in all contexts. Since the database is 
one of the most critical pieces of the entire architecture because it contains most patient data, it was 
chosen to use the Enterprise solution, in particular the Silver one, which offers more guarantees. 03-DPACS 
was also tested on Postgres database with good results. In any case, the use of JDBC driver for connections 
makes the application independent from the database, thus providing an excellent ability to adapt to the 
user needs. 

STORAGE 

The storage module of 03-DPACS deals to save images physically on the archives. Because this service uses 
Java technology, is totally independent of the type of hardware architecture. 03-DPACS could be installed 
in NAS (Network Attached Storage), SAN (Network Attached Storage), DAS (Direct Attached Storage) and 
CAS (Content Address Storage) hardware configuration. 

A typical Hardware configuration is SAN-based and provides excellent security and good performance. It is 
shown in the following picture: 




DATABASE 03-DPACS 




Figure 2: Suggested hardware architecture 



THE MODULAR STRUCTURE 



03-DPACS is designed to be very modular, in order to enable or disable functionalities where they are 
required. This feature is essential to easily adapt the system to changing needs. The core is made of the 




modules that handle basic services necessary to manage DICOM objects. Through these modules it's 
possible to save, query and retrieve data. All 03-DPACS modules are shown in the following in figure and in 
the next few chapters are described in detail: 
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Figure 3: 03-DPACS modular structure 



DICOM/HL7 MODULES 



STORAGE 

The storage module is responsible for receiving and storing all DICOM objects that are sent to 03-DPACS. 
Usually these objects are sent from the modalities or reporting workstations. Once received an object, 03- 
DPACS extracts the information included in the DICOM header and it checks if these data are already 
present in the database. If the control succeeds, for security reasons, images are refused. Otherwise 03- 
DPACS continues the storage procedure, populating the database with the information. 
For security reasons, whenever 03-DPACS receives DICOM object, unique imprint is computed and saved 
on the database. In this way it is possible to control if images are edited or modified after the storage 
procedure. This check is done to increase the security level. 

For a complete list of accepted DICOM SOPCIassUID, read the 03-DPACS DICOM conformance statement. 



QUERY/RETRIEVE 

The Query / Retrieve module allows to query the PACS through DICOM protocol. 03-DPCS supports every 
level of DICOM queries: patient-level (Patient Root), and Study/Series/Instance level (Study Root). The 
retrieve service is done through a DICOM move operation. The same service can be used for sending 
objects between two nodes, both for consulting and backup. The complete list of query fields and other 
technical info are described in the 03-DPACS DICOM Conformance Statement. 



For security reason it is possible to limit the query results, separate them between the wards that created 
the objects. In this way it is possible to decrease the risk of improper accesses to the patient personal data. 



MODALITY PERFORMED PROCEDURE STEP 

The MPPS module allows receiving MPPS messages, sent from modalities or other DICOM nodes. MPPS 
messages are essential to track the status of exams, so that PACS and RIS keep themselves updated on the 
ongoing processes. MPPS messages can be used in two ways. They can be forwarded to one or more RIS 
systems. Or they can update the status of the internal worklist. If an exam is in progress, in fact, should be 
no longer present in the worklist. 

The 03-DPACS DICOM Conformance Statement contains all the technical information on the module 
functionalities. 

STORAGE COMMITMENT 

The Storage Commitment module is fundamental for legal issues. The DICOM storage communication is in 
fact not enough to ensure a well done saving process on the PACS. It is necessary to have an additional 
feature that is the DICOM Storage Commitment message. It should be next to a storage procedure. When 
03-DPACS receives the Storage Commitment request, pulls the file from storage and creates its unique 
imprint. If it matches with the one contained in the database, this means that the storage was done 
successfully. So 03-DPACS replays positively. If negative, it means that during the storage procedure 
something has gone wrong and it is necessary to store again the object. 

WORKLIST PROVIDER 

The worklist service is used to provide the worklist, usually for the modalities. The worklist service is 
necessary to avoid entering patient information on modality side. So the risk to generate errors and 
inconsistencies through the systems decreases drastically. Usually this service is provided by RIS. If the 
feature is not working, 03-DPACS can substitute to it, acting as a worklist dispatcher. 03-DPACS generates 
worklist by receiving messages from the HL7 interface. These messages must be formatted in accordance 
with the "Filler Order Management" transaction, included in the IHE (Integrating the Healthcare Enterprise) 
Scheduled Workflow Profile. The worklist are cancelled when an exam is done, hence receiving the 
appropriate MPPS message. 

HL7 SERVER 

The HL7 server handles HL7 communication with administrative systems. The server is able to receive all 
kinds of HL7 messages, but only those of interest are managed. 03-DPACS currently uses only messages for 
patient and order management. Regarding the patient management, 03-DPACS is totally conforming to the 
"Patient Information Reconciliation" (PIR) profile of IHE. This type of HL7 messages are used to modify the 




patient data contained in 03-DPACS in order to keep consistency between different archives. An example is 
when an exam is done for an unknown patient, e.g. in emergency. Regarding worklist management, HL7 
messaged are used to populate the worklist, following the IHE Scheduled workflow profile (SWF). 

REPORTING 

The reporting module is very useful when the reporting processes are fairly complex and involve many 
clinicians that work at the same time on the same data. This module is based almost exclusively on the IHE 
Reporting Workflow profile (RWF). Once received a DICOM object, 03-DPACS is able to create a Reporting 
worklist similar to that used for the modalities. In this way, with an appropriate DICOM client such as 03- 
RWS, it is possible to query the list of reporting worklist. This allows tracking and managing all the reporting 
activities and preventing that the same exam is reported simultaneously. The information about the status 
of each reporting task are propagated through MPPS messages, which in this particular case are named 
General Purpose Performed Procedure Step or GPPPS. 

FORWARD 

The Forward module makes sure that all exams sent to 03-DPACS, can be forwarded to other storage 
systems. This feature is useful if images should be stored on multiple archives. The forwarding module is 
able also to move studies to other archives, following configurable time rules. This feature is very useful if it 
is necessary to synchronize PACSs, e.g. used as "cache" systems, with a central PACS. It is possible to 
configure the system in order to perform the operation during the night, when the network is less 
congested. 

CORE MODULES 
COMPRESSION 

The compression module handles file compression and decompression process, with the intent to reduce 
physical space in the storage media and network bandwidth, e.g. in tele-radiology applications. For each 
DICOM node 03-DPACS connects to, it is possible to enable or disable the compression. When an image is 
received, this causes that: 

• If the image is compressed, 03-DPACS saves it without modifications; 

• If the image is not compressed, 03-DPACS compresses it before saving it physically; 

In the case of a retrieving request from a workstation, before sending the images, 03-DPACS checks if the 
client supports compressed communication. If so the images are sent even compressed. Otherwise they are 
decompressed. It's possible to force compression for outgoing images if the available bandwidth is limited. 
The compression algorithms currently enabled on 03-DPACS are the JPEG and JPEG 2000, both lossless. 

ANONYMIZATION 




03-DPACS has been designed to be a useful tool for scientific and educational purposes. For this reason it 
have been implemented some tools for data anonymization. This feature, once enabled, replaces patient 
name, surname and date of birth contained in the DICOM header with other info. This could be done both 
for outgoing and ingoing data. The patient ID field remains unmodified, in order to permit data tracking. 
This tool allows creating databases of clinical data useful for educational or scientific scope without issues 
for the privacy and the personal data protection. 

Important feature that has been added to this service is the anonymization mask. In fact some images show 
the patient's information directly on the image pixels, e.g. old ultrasound images. In case textual 
anonymization is not enough. To overcome this issue, 03-DPACS offers a masking tool that can be applied 
to those images, hiding the patient information. This mask is completely configurable for each 03-DPACS 
node. The figure below shows this useful procedure: 




Figure 4: Images' anonymization procedure 

WEB MODULES 
CONFIGURATION TOOL 

The configuration tool allows the administrator to modify 03-DPACS runtime parameters to optimize the 
system features. Any 03-DPACS parameter can be changed in order to adapt it to every environment. Since 
the tool is provided by web interfaces everything can be changed remotely, thus making unnecessary a 
physical intervention to 03-DPACS server. 

ADMINISTRATION TOOL 

Through the administration tool 03-DPACS nodes, storage area and users can be managed. Everything is 
done through a web interface, in order to avoid physical intervention on the 03-DPACS server. 

WADO SERVICE 

The WADO service (Web Access to DICOM Object) is important to facilitate integration with other systems 
that should work closely with 03-DPACS. WADO service is provided by DICOM standard. It allows receiving 
a preview of the data contained in the PACS system, after a HTTP request. In the case of images, the 
preview is sent in JPEG lossy format in order to speed up the transmission. Many other formats are 
supported. For example, in the case of multi-frame images, the preview is sent as a QuickTime video clip; in 




the case of Structure Report, the preview is a PDF document. 03-DPACS-WEB heavily exploits this service to 
provide a comprehensive view of data contained in 03-DPACS. 

To increase security, it has been provided HTTPS support with mutual authentication, so that only 
authorized users are able to view patients' data. 

SPECIAL MODULES 

Beside standard modules, it has been added some special modules for different needs. These modules are: 
XDS-I 

This module behaves as a Document Source, as defined in the IHE Cross Enterprise Document Sharing 
profile. XDS is a Document Registry/Repository that aims to provide a common infrastructure for sharing 
documents, even medical, between different enterprises. XDS-I is an extension of XDS, namely "for 
Imaging" which provides a standard method of publishing PACS images on a XDS system. 03-DPACS has 
been equipped with this feature. When an image is received, 03-DPACS communicates with the XDS 
system in order to publish it. For more information, see the IHE Technical Framework. 

BACKUP AND LEGAL ARCHIVIATION 

The Backup System integrated in 03-DPACS has been designed for two purposes. The first is to move data 
from PACS system to storage or backup systems. This feature can be used both for disaster recovery and 
long-term storage. The second purpose is to store data according to the latest regulations for legal 
archiving. Through this tool, completely configurable according user needs, it is possible to sign up the data 
contained in 03-DPACS and create volumes that can be burned to optical media or to WORM (Write One, 
Read Many) systems. 

03-DPACS-WEB 

03-DPACS-WEB is the new 03-DPACS' web interface. Its main feature is to let the user to browse the data 
contained in 03-DPACS. This feature is suitable for wards distribution of data, as well as for teleconsulting 
and remote reporting. The data are shown basically with a preview that, in the case of images is JPEG lossy 
format. The tele-consulting tool allows retrieving original data and using them for clinical purposes. 
The first window is the login page. Actually four categories of users been have been implemented, each of 
them with different levels of security: 

• Administrator, who is able to open any DPACS-03-WEB page and also configure and administer 03- 
DPACS; 

• Super User, who is able to see data previews and to manage 03-DPACS data, in order to 
add/modify/delete nodes or storage area. Regarding user management, the Super User can only 




change or add users for lower security levels. The Super User is typically an IT manager or ward 
responsible. This user can also delete exams or modify/unify patients' records. 

• Physician, typically radiologists working remotely, who is able to view data preview and to 
download 03-RWS Workstation to view the original ones for reporting or second opinion/tele- 
consulting purposes. 

• User, who is able to view previews of the data contained in 03-DPACS. 
The main interface of 03-DPACS-WEB is shown in the figure below: 
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Figure 5: 03-DPACS-WEB Main Screen 



"PACS CONTENT BROWSER" SECTION 

The section allows searching the patients' studies through the interface shown in the following figures: 
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03-DPACS-WEB, The Web Interface to 03-DPACS 

| PACS Content Browser || Study/Serie Recovery || DICOM Nodes Manager || User Manager || Admin Area | 


You are logged as: admin Last Login: 2008-11-14 10:20:09 | Logout ] 
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Figure 6: Search Form 
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03- D PACS-WE B , The Web Interface to 03-DPACS 
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Figure 7: Studies list window 

Each study found is represented by a row. On each of them it is possible to: 

• View a list of the series associated to the selected study; 

• Delete the selected study. This feature is limited to Super Users or higher groups; 

• View the original study with 03-RWS. This feature is limited to Physician or Administration users. 
The window that shows the series list is the following one: 



I 




03-DPACS-WEB, The Web Interface to 03-DPACS 

| PACS Content Browser [| Study/Serie Recovery || DICOM Nodes Manager || User Manager || Admin Area | 


You are logged as: admin Last Login: 2008-11-14 10:20:09 | Logout | 
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Figure 8: Series list window 

Each series can be removed, e.g. if there have been mistake in the acquisition process. Going further, it is 
possible to view previews of each DICOM object, through WADO protocol. The interface provides basic 
tools for operations on images such as zoom, pan and Window / Level. The figure below shows the 
interface for viewing images: 



Images Preview 




Figure 9: Web Images Viewer 



"STUDY/SERIES RECOVERY" SECTION 

The section provides a list of all the cancellations performed on the web interface. It is possible to restore 
them in the case of an erroneous deletion. Further information on this feature is described in the next 
sections. 

The interface for this feature is the following: 





03-DPACS-WEB, The Web Interface to 03-DPACS 

| PACS Content Browser | Study/Serie Recovery || DICOM Nodes Manager || User Manager || AdrninArea | 


You are logged as: admin Last Login: 2008-11-14 10:20:09 | Logout | 
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Figure 10: Recovery screen 



"DICOM NODES MANAGER" SECTION 

In this section, which is part of the 03-DPACS Administration tool, it is possible to manage all DICOM nodes 
that connect to 03-DPACS. Also storage area, on which the images are stored in, can be managed. The 
figure below shows the nodes management window: 



03-DPACS-WEB, The Web Interface to 03-DPACS 
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Figure 11: Nodes management window 



"USER MANAGER" SECTION 

The user management section, which is part of the 03-DPACS Administration tool, allows users 
management. The figure below shows this interface: 
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03-DPACS-WEB, The Web Interface to 03-DPACS 
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Figure 12: Users Management window 



"ADMIN AREA" SECTION 

This section allows managing and configuring 03-DPACS. It appears appears as shown in figure below: 



You are logged as: admin 



03-DPACS-WEB, The Web Interface to 03-DPACS 
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Figure 13: Administration page 

The first button allows activating or deactivating 03-DPACS DICOM services. The second is used to enter 
the configuration module. The third allows 03-DPACS runtime parameters monitoring, through graphic 
interface, e.g. for RAM occupation. 



TELERADIOLOGY TOOL 



Since the images displayed on 03-DPACS-WEB are not intended for diagnostic purposes, because they are 
in jpeg lossy format, 03-DPACS-WEB let the user to download the original ones. Web interfaces for image 
processing are always complicated, not user friendly and do not support multimonitor capabilities and do 
not use all hardware features. For overcoming this issue, 03-DPACS has been closely integrated with the 
03-RWS, the 03 Reporting Workstation. From the 03-DPACS-WEB study list, it is possible to open 03-RWS 
through Java Web Start technology. Automatically data are opened in the viewer panel of the workstation, 
in order to start as soon as possible the reporting process. It is important to underline that the 
communication between 03-RWS and 03-DPACS is done not through standard DICOM but through WADO 
protocol. In this way it is possible to overcome the needs of a static and public IP address for receiving 
images. 

The tool can be used from any computer and any type of connection. Through https secure connection is 
even unnecessary to create dedicated VPN. 

03-RIS 

The 03-RIS module allows basic management of patient registration, exam request, booking and 
management. 

The module layout is completely different from 03-DPACS one. The welcome screen is shown in the figure 
below: 




Radiology Information System 




Figure 14: 03-RIS Login Interface 

The 03-RIS module is characterized by the following sections: 

PATIENT MANAGEMENT 

03-RIS allows adding patients and editing their information through the interface shown in the figure 
below: 













Figure 15: Patient Management window 



ORDERS MANAGEMENT 

Once added the patient or selected one, it is possible to create an order for it, as illustrated in the following 
figure: 




Figure 16: Order management Interface 



ORDER SCHEDULING 

Once the order is created, 03-RIS shows the interface for scheduling. For each modality there is a list of 
available slots. It is possible to schedule the order in one of the slots. The following picture shows this 
interface: 
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Figure 17: Order Scheduling interface 



WORKLIST MANAGEMENT 

It is possible to manage order worklist and to open 03-RWS once exam is done. The figure below shows the 
worklist management window: 
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Figure 18: Worklist management window 



ATNA 



According to the recent legislation on privacy and personal data security, it is essential to trace all actions 
that are made to the personal data of subjects. Traceability is often confused with logs, and that, while 
theoretically allows reconstructing a history of actions made on patient personal data, on the other most of 
them are so complex and heavy that makes a critical reading very difficult (in some cases impossible). 
03 Enterprise wanted to focus on that aspect to bridge this gap in the today IT market in healthcare. Most 
systems on the market today do not allow an easy management of logs, thus making almost impossible 
tracking data. Other vendors offer completely proprietary solutions that while satisfying the punctual need, 
preclude the comprehensive one. Indeed proprietary systems do not allow, unless expensive and not 
always successful manipulation, integration with other systems thereby making the research of patient's 
history limited to the individual application, thus not allowing a uniform comparison. 
03 systems address this problem through the latest technological solutions on the market and have 
identified IHE's ATNA as the best solution to ensure traceability and security of communications and data. 



ATNA PROFILE 



The ATNA acronym stands for Audit Trial and Node Authentication and it is the solution proposed by IHE to 
keep track of personal data and to ensure a secure communication between nodes. Graphically the profile 
can be summarized as follows (from the official site IHE): 




Figure 19: ATNA functionalities 

The main characteristics of the profile are: 

> User Authentication 

The profile requires that each user, before running an application in an ATNA environment, should 
log in. Once it is authenticated, its work can be traced over the network. IHE does not provide any 
authentication systems. The way of authenticate the user is up of individual vendor and user. 

> Remote Node Authentication 

A very important thing is to ensure that only authorized nodes can have access to patient data. The 
systems should be configured to accept connections from those authorized nodes and refuse 
connections from unknown client. Unfortunately in the case of radiology, the dialogue between 
different nodes, via DICOM protocol, does not offer many guarantees. In fact DICOM provides only 
an IP/Application Entity Title filter. This does not guarantee an unwanted access to personal data 
contained in the server. To overcome this limitation, ATNA provides a type of authentication based 
on mutual exchange of digital certificates. PACS must have an updated list of authorized clients' 
certificates. Before every connection, there should be an Acknowledgment procedure in which the 
certificate offered by the client is compared with those on PACS' list. If the check success, the 
communication can continue, otherwise it stops. The same procedure can be used with the client 
that should controls PACS' credentials. 

> Secure Communication 

ATNA suggests that all the nodes should use secure communications in order to protect data while 
sent on the network. The way to ensure this is to create an encrypted TLS tunnel between DICOM 




nodes. This secure communication, provided by DICOM standard, is named DICOM TLS. 03 systems 
provide to set up secure communications with credential check. 
> Tracking Communications 

To keep track of all actions that take place within a secure ATNA environment, it is required an 
Audit Log server. ATNA provides a set of events driven messages that should be sent to a Audit Log 
Repository. These messages should contains information about the action performed, the date and 
time, the user that has generated it, the owner of the personal data, the nodes involved and other 
useful information. Through appropriate interfaces, on the Audit Log Repository it is possible to 
track every action and carry out statistical analysis on each event. 

ATNA IN 03-DPACS 

03-DPACS, like all other 03 products, is IHE compliant and that fact has been tested during the IHE 
Connecthaton. This is an event in which health IT systems producers test mutual communication. 
As for DICOM node authentication, 03-RWS is configured to exchange certificates for every connection and 
then authenticate remote nodes. This feature is not limited only to dialogue between 03 applications but 
can also be extended to other actors involved in the workflow. 

03-DPACS can be configured to send audit log messages to an IHE Audit Log Repository. These log 
messages are sent every time a transaction on patient data is done. The collection of all this information 
from all nodes in the workflow, ensure traceability according to the latest legislation. 
In addition, 03 Enterprise can offer an Open Source Audit Log Server, properly configured and adapted to 
the particular needs of the customer. 

| AUTHENTICATION SYSTEMS 

03-DPACS is a system that does not interact graphically with users and therefore has no need of 
authentication systems. To avoid unauthorized access, there is a security control on the nodes that connect 
to 03-DPACS. This control is done through certificates exchange and an acknowledgement between nodes, 
prior to send images. Only certificates contained in 03-DPACS list are accepted. 

For 03-WEB-DPACS, that offers a graphical interface to the user, it is proposed both local authentications, 
by typing username/password and database, and remote authentications via LDAP system. In each of them, 
there are few users' categories: 

o Administrator, who has access to all sections and can also change 03-DPACS settings; 
o Super User, who has access to all sections except those for the administration of 03- 
DPACS; it cannot view original images, 
o User, who has the opportunity to see the preview of data contained; 
o Physician, who can see data previews and download 03-RWS for the original ones. This is 
suitable for remote reporting or second opinion/teleconsulting. 




INFORMATION AND PERSONAL DATA PROTECTION 

03-DPACS is designed to provide high level protection of the data contained in it. The objects that it 
receives should remain unchangeable in order to avoid loss of information or their modification. Many 
security checks have been implemented. The first security check regards that 03-DPACS is unable to save 
DICOM objects with the same ID twice. If a node sends them to 03-DPACS and they are already present, 
they are refused and the node receives an error message. This avoids overwriting the objects, thus keeping 
information unmodified. 

The second security check regards objects fingerprint. To avoid errors in the storing procedure, 03-DPACS 
creates the fingerprint (Hash) of every objects received, saving it on the database. If the DICOM node sends 
a Storage Commitment message, 03-DPACS pulls images from the file system, generates the fingerprint 
and compare it with that contained in the database. If the two objects match, it means that the objects 
were saved without errors. And 03-DPACS replays with a positive message. Otherwise, it means that there 
have been problems during storing procedure and the DICOM objects should be sent again. 
Also the database and storage area offers other security checks. Only authorized users, typically system 
administrators, are able to access the physical media. Users will not have the capabilities to write, change 
or read objects. 

Another security check is implemented in DPACS-03-WEB. In fact, as explained before, both Administrators 
and Super-users have the permission to delete studies, series or instances, trough the web interface. This 
feature has been implemented to overcome the ID security check. If fact if an erroneous data is stored it is 
impossible to save the correct one because sometimes its ID remains the same. And 03-DPACS refuses it. 
So it is possible to delete wrong data in order to send them again. For security reason, when the user delete 
data, 03-DPACS only change some fields in the database, as the object ID. All modifications are collected in 
a recovery table, shown in the following figure: 
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Figure 20: Recovery Interface 

Each line corresponds to a delete operation. The interface shows the user that did the operation, the date 
and time, who the data belong to and the reason. Through this interface it is possible to restore all data to 



the state prior the deletion process. Obviously system keeps track of this, integrating the recovery record 
with the information of who restored it and when this happened. 



SYSTEMS ACCOMPANYING THE SUITE 



VOICE RECOGNITION 

To facilitate the work of the specialist during the reporting activity, 03-DPACS was designed to be 
integrated with the most common and well-performing voice recognition software, in particular those 
provided by Philips and IBM. Theoretically, each text box in this application may be filled through the use of 
voice rather than the classic keyboard. 

Moreover, to facilitate the use of applications in a clinical context was introduced the possibility of 
controlling and managing some basic functionality through voice commands. Other types of controls can be 
agreed with the client. 



The instruments recommended and integrated with 03 systems are: 
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Figure 21: Handheld 


Figure 22: Headset 


Figure 23: Wireless 


Figure 24: Bluetooth 
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PRINTING AND BURNING PATIENT CDS 

On 03-DPACS is also featured a tool that allows to create Patient CDs. This tool follows closely the Portable 
Data for Imaging (PDI) profile of IHE. This profile explains how to create a CD with a standard structure, so 
that other systems are able to open it. 

03-DPACS creates CDs with the following files / folders in the root directory: 




Picture 25: Patient CD structure 



The DICOMDIR file contains references to DICOM images saved in the media. The README.txt file contains 
information about who created the CD/DVD. To facilitate the patient in viewing images and reports, a 
simple website with all images in JPEG lossless format is included in the CD/DVD. The website layout, 
accessible through the index.htm file, is configurable and can be modified by the user. On the CD there is 
also the 03-RWS workstation, in order to view original images and perform "image processing" operations 
if necessary. 

The burning process is done through local drives on the PC where 03-DPACS is installed. It is possible to 
provide a central burning server that 03-DPACS connects to. Actually 03-DPACS is integrated with the 
Rimage systems, in particular with the RIMAGE 2000i, shown in the figure below: 




Picture 26: The Rimage 2000i system 

Using this solution, the labels to be printed on the CD / DVD can be easily designed, in order to adapt them 
on customer's needs. 




STANDARD AND INTEROPERABILITY 



DICOM 



Particular emphasis was placed on protocols chosen to save and communicate image and data. 03 
Consortium pursues the vision that standards and open formats are an added value of the whole system, 
allowing an easy integration with other operating systems. 

Starting point for a system that aims to be interoperable and flexible is the use of open and totally 
transparent communications. That is the philosophy that guides the development of 03 solutions, avoiding 
any kind of proprietary communication and preferring only standard and well-established protocols. 

IHE 



03 Consortium was born and continues to operate with the idea that standard and especially 
interoperability are the most important things in modern IT system management. It came natural to move 
to move towards the vision of the "Integrating the Healthcare Enterprise" (IHE) project. The IHE vision is 
widely shared by 03 systems and it is the basis for all products development. In the design phase, they are 
not regarded as systems but as IHE actors. 

03-Enterprise, following this focus, made interoperability its mission. 

The main profiles / actors that have been implemented in 03 solutions are listed below: 



SCHEDULED WORKFLOW PROFILE (SWF) 

The Scheduled Workflow profile ensures cooperation in the radiological workflow. It manages orders, 
reservations, images acquisitions, storage procedures and the display of radiological images. 
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Figure 27: Scheduled Workflow Profile 



PATIENT INFORMATION RECONCILIATION PROFILE (PIR) 

The Patient Information Reconciliation profile tries to solve some common issues in patient registration. It 
takes care of reconciliation of patient information through different systems inside hospitals. It is necessary 



when the images were acquired but the patient is not jet identified (e.g. unconscious), or wrongly 
identified. 
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Figure 28: Patient Information Reconciliation Profile 



CONSISTENT PRESENTATION OF IMAGES (CPI) 

The Consistent Presentation of Images profile allows managing Presentation States objects that contains 
graphical information on how radiological images should be displayed. 



KEY IMAGE NOTE (KIN) 

This profile allows users to post interesting images (e.g. for reporting, surgery, etc.) and add notes to them, 
making more easily recognizable. This is very important for big sets of images, like multilayer CTs. 



AUDIT TRAIL NODE AUTHENTICATION (ATNA) 

This profile describes some the security systems for authentication using certificates and sending audit 
events to a repository. This helps to implement policies of confidentiality. 



ACCESS TO RADIOLOGY INFORMATION (ARI) 

Access to Radiology Information, applied to Image Manager/Archive actor, specifies DICOM access to data 
within a single network, so that they can be found and recovered in a consistent way. 



CONSISTENT TIME (CT) 

This profile allows you to synchronize the time for all the hospital's systems. 



CROSS ENTERPRISE DOCUMENT SHARING FOR IMAGING (XDS-I) 

It extends the XDS profile to share images, diagnostic reports and related information within a group of 
points of care (e.g. regional network). 



PORTABLE DATA FOR IMAGING (PDI) 



Portable Data for Imaging allows a reliable exchange of data, images and diagnostic reports on CD for the 
import, printing, or alternatively, the display on a browser. 

REPORTING WORKFLOW (RWF) 

This profile enables the medical staff, at any step of the complex process of reporting, to be monitored and 
organized so to ensure maximum simplicity and transparency, which are key requirements for obtaining a 
diagnosis complete, accurate and free of error, providing worklist, the status and the result of monitoring 
the reporting activities, such as dictation, transcription and verification. 

REPORTING WORKFLOW (RWF) 

This profile enables the medical staff, at any step of the complex process of reporting, to be monitored and 
organized so to ensure maximum simplicity and transparency, which are key requirements for obtaining a 
diagnosis complete, accurate and free of error, providing worklist, the status and the result of monitoring 
the reporting activities, such as dictation, transcription and verification. 



REFERENCES 



03-DPACS can already boast excellent references: 

• Azienda Ospedaliera di Padova 

Since 2006 03-DPACS manages all radiological exams of Azienda Ospedaliera and Clinica 
Universitaria di Padova (Padua Hospital): 150 nodes connected, more than 150,000 exams per year 
with more than 20 million images in the database. 

• Azienda Universitaria-Ospedaliera di Trieste 

An 03-DPACS server is now installed in Radiology Unit and manages Unit's requirements on images 
for research and teaching in order to create a network of research for multicenter anonymized 
data. 

• Azienda Ospedaliera e Universita degli studi di Pisa 

Two 03-DPACS servers have managed the imaging needs of hospitals Cisanello and Santa Chiara in 
Pisa since September 2005 at production level. The systems will be replaced with a 03-DPACS 
server for research purposes, in order to create a network of research for multicenter anonymized 
data. 
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